package com.cj.protectsessions;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.annotation.WebInitParam;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import net.devkit.common.toolkit.DevConstant;
import net.devkit.common.toolkit.StringUtils;

/**
 * 该方法保证了sessionid的产生和使用必须是同一个IP地址，
 * 但这种方法有时候也不可靠，有些人公司是多个IP上网的，这多个IP是由网关自动切换的，
 * 那么可能出现的情况是明明刚登陆成功，却显示没有登录
 */
@WebFilter(description = "ProtectSessionsFilter", 
	urlPatterns = { "*.htm" }, 
	initParams = { 
		@WebInitParam(name = "redirect", value = "/user/login.htm") }
)
public class ProtectSessionsFilter implements Filter, ProtectSessions {
	private FilterConfig config;
	private static boolean no_init = true;

	public void init(FilterConfig paramFilterConfig) throws ServletException {
		this.config = paramFilterConfig;
		no_init = false;
		System.out
				.println("(c) Coldbeans info@servletsuite.com  Protected sessions ver. 1.3");
		initRoute();
	}

	public void destroy() {
		this.config = null;
	}

	public FilterConfig getFilterConfig() {
		return this.config;
	}

	public void setFilterConfig(FilterConfig paramFilterConfig) {
		if (no_init) {
			no_init = false;
			this.config = paramFilterConfig;
			System.out
					.println("(c) Coldbeans info@servletsuite.com  Protected sessions ver. 1.3");
			initRoute();
		}
	}

	public void doFilter(ServletRequest paramServletRequest,
			ServletResponse paramServletResponse, FilterChain paramFilterChain)
			throws IOException, ServletException {
		HttpServletRequest localHttpServletRequest = (HttpServletRequest) paramServletRequest;
		HttpSession localHttpSession = localHttpServletRequest
				.getSession(false);
		ServletContext localServletContext = this.config.getServletContext();
		if (localHttpSession == null) {
			paramFilterChain
					.doFilter(paramServletRequest, paramServletResponse);
		} else {
			Object localObject = (String) localHttpSession
					.getAttribute("prtctsssfltcj2011");
			String str1 = localHttpServletRequest.getRemoteAddr();
			if (localObject == null) {
				localHttpSession.setAttribute("prtctsssfltcj2011", str1);
				localObject = str1;
			}
			if (((String) localObject).equals(str1)) {
				paramFilterChain.doFilter(paramServletRequest,
						paramServletResponse);
			} else {
				HttpServletResponse localHttpServletResponse = (HttpServletResponse) paramServletResponse;
				String str2 = DevConstant.BASEPATH + this.config.getInitParameter("redirect");
				localHttpSession.invalidate();
				if(StringUtils.isEmpty(str2)) {
					paramFilterChain.doFilter(paramServletRequest,
							paramServletResponse);
				} else if (getRedirect(str2)) {
					localHttpServletResponse.sendRedirect(str2);
				} else {
					RequestDispatcher localRequestDispatcher = localServletContext
							.getRequestDispatcher(str2);
					localRequestDispatcher.forward(paramServletRequest,
							paramServletResponse);
				}
			}
		}
	}

	public void initRoute() {
		//ServletContext localServletContext = this.config.getServletContext();
		String str = this.config.getInitParameter("redirect");
		if (str == null)
			System.out
					.println("Session Life Time filter: could not get an initial parameter redirect");
	}

	private boolean getRedirect(String paramString) {
		int i = paramString.indexOf(":");
		if (i <= 0)
			return false;
		String str = paramString.substring(0, i).toUpperCase();
		return str.startsWith("HTTP");
	}
}